OpenMSP
Chkrootkit logo

Chkrootkit

Endpoint Security (Antivirus/EPP)

Open Source
Free Tier
Self-hosted
OpenMSP Score
39
14
Reddit Impact Score
Github Score
1K
253Stars
62Forks
13Commits
OtherLicense
Nov 15, 2022Last commit

Alternative Vendors

Osquery
Osquery
ClamAV
ClamAV
Lynis
Lynis
Velociraptor
Velociraptor

Commercial Alternatives

Todyl
Todyl
Webroot Endpoint Protection
Webroot Endpoint Protection
Bitdefender GravityZone
Bitdefender GravityZone
Sophos Intercept X
Sophos Intercept X
Open source tool to locally check for signs of a rootkit More detailed information about this vendor will be added soon.
image media

Key Features

Rootkit Detection

Detects over 70 different rootkits, worms, and LKMs by checking system binaries for modifications and comparing filesystem traversal with process lists

System File Integrity Checking

Scans critical system files for anomalies and tampering using signature detection and behavioral analysis to identify potential security compromises

Lightweight Portable Tool

Minimal resource footprint with simple shell script implementation that can run from rescue disks or alternative directories for trusted execution

Log Analysis Components

Includes specialized tools like chklastlog, chkwtmp, and chkproc for analyzing system logs and detecting suspicious deletions or modifications

Pros and Cons

Pros

Completely Free

Open source tool with no licensing costs, freely available and redistributable

Lightweight and Fast

Minimal system resources required, quick scans, and can run from rescue media

Broad Platform Support

Works on Linux, FreeBSD, OpenBSD, NetBSD, Solaris, HP-UX, and macOS

Cons

False Positives

May generate false positives that require manual investigation and expertise to validate

Basic Reporting

Simple text output without advanced reporting, dashboards, or integration capabilities

Limited Detection Scope

Only detects known rootkits and cannot guarantee complete system security assessment

Feature Comparison

Comments

Blake WallaceSecureNet Hub

Blake WallaceSecureNet Hub

Jun 23, 2025

Basic rootkit detection tool

Chkrootkit is part of our Linux security toolkit. Simple to use and catches common rootkits. Not sophisticated but good for basic checks on client servers.

Alexander ReedDataSync Solutions

Alexander ReedDataSync Solutions

Jun 21, 2025

Simple malware detection

Chkrootkit provides basic malware scanning for Linux servers. Easy to automate in scripts. Limited detection compared to commercial tools but covers the basics.

Chase FreemanDataSecure Technologies

Chase FreemanDataSecure Technologies

Jun 18, 2025

Useful for routine security scans

Run chkrootkit monthly on client Linux systems. Free and lightweight. Results need manual review but helps identify potential compromises early.